SCOM New experience for alerts generated by monitors in SCOM 2019

A

AdityaGoda

Guest
#1
The existing alert closure experience for the alerts generated by monitors has been revamped to be more meaningful and provide better value.

If the alert was generated by a monitor, as a best practice, you should allow the monitor to auto-resolve the alert when the health state returns to healthy or close the alert manually when the health state returns to healthy (if auto-resolve is set to false).

If you close the alert while the object is in a warning, critical or unhealthy state, the problem remains unresolved, and no further alerts are generated, unless the health state for the monitor has also been reset (If the monitor is not reset, the same condition that generated an alert can occur again but no alert will be generated because the health state has not changed.)

This behaviour, which often led to a scenario where there is no active alert in the system while an underlying problem is not resolved. Closure of alerts generated by monitors without resolving the underlying problem is fixed with SCOM 2019. An alert which has been generated by a monitor cannot be closed unless the health state of the corresponding monitor is healthy.

Behavior in operations console


If you close an alert generated by a monitor (from the Operations Console “Active alerts” view) which is in a unhealthy state then the following message will be displayed and the alert will not be closed:

“Alert(s) in the current selection cannot be closed as the monitor(s) which generated these alerts are still unhealthy. For more details on the alerts which could not be closed, view the “Alert Closure Failure” dashboard in the Operations Manager Web Console”




To close this alert the health state of the monitor has to be reset, if “auto-resolve” for this monitor is set to true then the alert will be auto closed with the health state reset else the alert has to be manually closed after the health state reset.

Behaviour in Web console


If you close an alert generated by a monitor (from the “Alert Alerts Dashboard” or any dashboard or the alerts drill down page of the web console) which is in a unhealthy state then the following message will be displayed and the alert will not be closed:

Active alerts dashboard (closing 1 alert generated by monitor which is in a unhealthy state, by using the “Set resolution state” action)



Alerts drill down page (closing the alert generated by monitor which is in a unhealthy state, by changing the “Resolution State”)



To forcefully close these kind of alerts, reset the health state of the monitor from the task available in the alerts drill down page:



Or

Navigate to the new “Alert Closure Failure” dashboard available in the monitoring tree of the web console, this dashboard lists all the active alerts in SCOM which were unable to close because the monitor which generated these respective alert is still unhealthy. You can select the alert which you want to forcefully close and reset the corresponding monitor by using the “Reset Health” action.

Note: This dashboards displays all the active alerts which were unable to close, irrespective of the tool from where the alert closure has been triggered.



If an alert closure has been triggered from the third party tools/systems (incident management/ticketing systems…) and if the alert was unable to close as the corresponding monitor is still unhealthy then we will be passing an exception with the alert details which can be leveraged by third party tools/systems.

The following 2 APIs have been enhanced to enable this new behaviour (more detailed documentation on the changes to the below APIs will be published soon):


Continue reading...
 
Top